I've found several versions of KAV to be a medium-sized pile of sh*t,
but due to management decisions we're stuck with it in our company (much
to my regret). :-(

The biggest problem we've found with KAV 5.0 (besides aveserver crashing
from time to time after virus definitions updates), is that aveclient
always prints the correct info on the screen (whether it finds a virus or
not) but sometimes the return code passed to the shell is incorrect (0
when there was a virus, instead of 4). As q-s always relies on this
return code, when aveclient returns the wrong code it thinks the message
is clean and passes it through.

We've had to modify q-s to always ignore the return code and parse the
stdout of the aveclient process looking for "LINFECTED" and it seems to
work... This was a big win, we had even bigger issues with KAV 4.0...
oh, well.

Hope that helps.

Anyway, is anybody else experiencing this kind of inconsistency problem
in the return codes with KAV?

On Wed, 04-08-2004 at 02:44, Yuri Nosyrev wrote:
> Yuri Nosyrev wrote:
> 
> > I'm guarded with the output of kavscanner:
> > Just
> > 'Kaspersky Virus Scanner for linux. Version 5.0.2.0/RELEASE build #1
> > Copyright (C) Kaspersky Lab. 1998-2003.'
> > is not enough, there aren't any words about licence or AV-base
> > which always appear in the output while running kavscanner from command 
> > line (under qscand user too)
> 
> Moreover, about kavscanner's output, i.e. $avp_binary output:
> the output of
> # setuidgid qscand /usr/bin/kavscanner /var/spool/qmail-scanner
> (options are set in conf-file) is:
> ########################################################################
> [04-08-2004 09:45:16 I] Copyright (C) Kaspersky Lab. 1998-2003.
> [04-08-2004 09:45:46 I] Kaspersky Virus Scanner for linux. Version 
> 5.0.2.0/RELEASE build #1
> [04-08-2004 09:45:46 I] Copyright (C) Kaspersky Lab. 1998-2003.
> [04-08-2004 09:45:48 I] There are 1 Kaspersky license keys found:
> [04-08-2004 09:45:48 I] License file 00068B01.key, serial 
> 0286-000416-00068B01, "ÑÐÐÐÐÐÐÐÐ ÐÐÐÐÐÐÐÐÐÐÐ Business Optimal 
> (LP) for 
> Linux File Serv
> er", expires 24-03-2005 in 234 days
> [04-08-2004 09:45:48 I] There are 95131 records loaded, the latest 
> update 03-08-2004
> [04-08-2004 09:45:48 I] Config file: /etc/kav/5.0/kav4unix.conf
> [04-08-2004 09:45:48 I] The scan path: /var/spool/qmail-scanner/
> [04-08-2004 09:45:48 D] Configuration options:
> ...
> [04-08-2004 09:45:48 A] /var/spool/qmail-scanner/quarantine.log OK
> [04-08-2004 09:45:48 A] /var/spool/qmail-scanner/quarantine.log OK
> [04-08-2004 09:45:48 A] /var/spool/qmail-scanner/mailstats.csv OK
> [04-08-2004 09:45:48 A] 
> /var/spool/qmail-scanner/quarantine-attachments.txt OK
> [04-08-2004 09:45:49 A] /var/spool/qmail-scanner/qmail-queue.log OK
> [04-08-2004 09:45:49 A] 
> /var/spool/qmail-scanner/quarantine-attachments.db OK
> [04-08-2004 09:45:49 A] /var/spool/qmail-scanner/refresh_db OK
> [04-08-2004 09:45:49 A] 
> /var/spool/qmail-scanner/qmail-scanner-queue-version.txt OK
> [04-08-2004 09:45:49 I] Scan summary: Files=8 Folders=9 Archives=0 
> Packed=0 Infected=0 Warnings=0 Suspicios=0 Cured=0 CureFailed=0 
> Corrupted=0 P
> rotected=0 Error=0 ScanTime=00:00:01 ScanSpeed=99.009 Kb/s
> ########################################################################
> 
> ok, let us look at qmail-scanner + kavscanner output:
> $DD=`$avp_binary $ENV{'TMPDIR'}  2>&1` shows just this:
> ************************************************************************
> [04-08-2004 09:45:16 I] Copyright (C) Kaspersky Lab. 1998-2003.
> [04-08-2004 09:45:46 I] Kaspersky Virus Scanner for linux. Version 
> 5.0.2.0/RELEASE build #1
> ************************************************************************
> the same as command
> # kavscanner -v
> :) very interesting... the whole calling of kavscanner is above, there's 
> no "-v" option in it indeed.
> 
> ok, follow me... what if we change string "$DD=`$avp_binary 
> $ENV{'TMPDIR'}  2>&1`" to something, say "$DD=`ls -l $ENV{'TMPDIR'}`"???
> ...done:
> $DD=`ls -l $ENV{'TMPDIR'}` and its output:
> %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
> Wed, 04 Aug 2004 10:05:29 YAKST:28416: --output of avp was:
> total 84
> -rw-------    1 qscand   vchkpw         79 Aug  4 10:05 
> 1091577929.28420-0.phoenix.slavel.ru
> -rw-------    1 qscand   vchkpw        420 Aug  4 10:05 
> 1091577929.28420-1.phoenix.slavel.ru
> -rw-------    1 qscand   vchkpw      28978 Aug  2 05:48 file.zip
> -rw-------    2 qscand   vchkpw      42050 Aug  4 10:05 
> orig-phoenix.slavel.ru109157792847928416
> --
> %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
> 
> It works correctly for sure...
> Does it help somehow?
> Group owner of files above is vchkpw because of smtp-auth over 
> vpopmail's accounts, but I guess it doesn't matter: chmod=600
-- 
 Vicente Aguilar <[EMAIL PROTECTED]>
 Systems Department
 Tel.: 965 98 71 92

 Recursos en la Red, S.L.U.
 http://www.renr.es

_______________________________________________
Qmail-scanner-general mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/qmail-scanner-general
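
The workaround described in the message above, as an added example that is not part of the original post or of qmail-scanner: a shell wrapper that takes the verdict from both the exit status and the output, and blocks delivery when they disagree or the scanner prints nothing. The function name, verdict strings and stub scanners are assumptions; the sample output lines are constructed and do not reproduce real aveclient output.

```shell
#!/bin/sh
# Added example: derive a verdict from BOTH the scanner's exit status and its
# output, so a wrong exit status alone cannot let a message through.

MARKER="LINFECTED"   # string the post says they search stdout for
INFECTED_RC=4        # exit status the post says means "virus found"

# scan_verdict CMD [ARGS...]   (hypothetical helper name)
# Prints one of: clean | infected | infected-rc-mismatch | error
scan_verdict() {
    # The AND-OR list keeps a non-zero scanner status from aborting under set -e.
    out=$("$@" 2>&1) && rc=0 || rc=$?
    case $out in
        *"$MARKER"*) marker=1 ;;
        *)           marker=0 ;;
    esac
    if [ "$marker" -eq 1 ] && [ "$rc" -ne "$INFECTED_RC" ]; then
        # Output reports a virus but the status disagrees: block and flag it.
        echo "infected-rc-mismatch"
    elif [ "$marker" -eq 1 ] || [ "$rc" -eq "$INFECTED_RC" ]; then
        echo "infected"
    elif [ "$rc" -eq 0 ] && [ -n "$out" ]; then
        echo "clean"
    else
        # Unknown status, or no output at all: fail closed, do not deliver.
        echo "error"
    fi
}

# Constructed stand-ins for the scanner (NOT the real aveclient output format).
fake_infected_rc0() { echo "/tmp/msg/file.zip LINFECTED Constructed.Sample"; return 0; }
fake_infected_rc4() { echo "/tmp/msg/file.zip LINFECTED Constructed.Sample"; return 4; }
fake_clean()        { echo "/tmp/msg/body.txt OK"; return 0; }
fake_crash()        { return 139; }

# Show the verdict for each constructed case.
for s in fake_infected_rc0 fake_infected_rc4 fake_clean fake_crash; do
    printf '%s -> %s\n' "$s" "$(scan_verdict "$s")"
done
```

Logging the `infected-rc-mismatch` verdict separately gives a count of how often the exit status and the output disagree.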